Make our playbook command compatible with boto (for AssumedRoles) #26
Conversation
kubesae/ansible/deploy.py
Outdated
| with c.cd("deploy/"): | ||
| c.run(f"ansible-playbook {name} {extra} -{'v'*verbosity}") | ||
| c.run(f"ansible-playbook {name} {extra} -{'v'*verbosity}", env=shell_env) |
There was a problem hiding this comment.
Neat, looks like env updates the default environment dict by default, rather than replace it. 🆒
| @@ -77,6 +77,7 @@ configuration each task uses. | |||
| "app": "appname", | |||
| "aws": { | |||
| "region": "us-west-2", | |||
| "profile_name": "my-aws-profile", # a profile from .aws/credentials | |||
There was a problem hiding this comment.
Is the idea that since not all tasks require this method, this would be set temporarily in your local checkout, run the tasks, and then unset it? If not, I wonder if everyone is using the same AWS_PROFILE name or not.
There was a problem hiding this comment.
Good question. I was going on the assumption that we standardize the AWS_PROFILE that each developer uses for the project. The docs in jade-truffle now include a section for setting up a profile named after the project, and that's what we're doing in philly-hip. But maybe I should make that more explicit in the docs or here?
There was a problem hiding this comment.
Ah right, and this is just the playbook task, not deploy. I suppose if you wanted an optional profile, you could write a project-level task to just set it ad-hoc, like inv staging temp-creds playbook.
So I think making it more explicit in the docs sounds good 👍
|
Hmm, I had skipped over your |
|
Good question, I'm not sure, maybe it can be made up since it's just for CloudTrail? I also don't mean to delay merging this PR as is, since it's working as is 👍 |
Fixed Conflicts: kubesae/ansible/deploy.py
|
@copelco thanks for the reviews! This is updated. |
This is an attempted fix for caktus/ansible-role-django-k8s#29 (comment)
I haven't yet tested this out,but wanted to see what people thought of the approach.Update. I've now tested it out locally, and it works. If I don't have
profile_nameset in my tasks.py, then it fails. If I setaws.profile_name = saguaro-cluster, then it succeeds.